search

jumaris / indyproject

Automatically exported from code.google.com/p/indyproject
0 stars 0 forks source link

TIdSASLDigest.StartAuthentication() does not parse Challenge correctly #245

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
When TIdSASLDigest.StartAuthentication() parses the following challenge:

realm="microsof-db482b",nonce="fTYdQPacyyiX1BlHyMW8N8rubUqMhEhgj5zGNkYo",qop="au
th",charset=utf-8,algorithm=md5-sess

Every odd-indexed value is not unquoted correctly when split into a local 
TStringList, resulting in the following data that is then used to calculate an 
incorrect response:

realm="microsof-db482b"
nonce=fTYdQPacyyiX1BlHyMW8N8rubUqMhEhgj5zGNkYo
qop="auth"
charset=utf-8
algorithm=md5-sess

It should be splitting the values into the TStringList like this instead:

realm=microsof-db482b
nonce=fTYdQPacyyiX1BlHyMW8N8rubUqMhEhgj5zGNkYo
qop=auth
charset=utf-8
algorithm=md5-sess

Original issue reported on code.google.com by gambit47 on 6 Jan 2013 at 9:58

GoogleCodeExporter commented 9 years ago 
Fixed in rev 4909.

Original comment by gambit47 on 6 Jan 2013 at 10:00